on 09-26-2013 8:53 PM
Hi All
We are in process for implementing GRC AC 10 for one of our clients and are currently in functional phase of the project. We understand that managers would need to be assigned a role which provides them with the approver access. How can we automate the below process?
Appreciate if you can share the best practices in automating the above mentioned process.
Let me know if you need additional details.
Note: We are planning to use LDAP as a the source of users/user details.
Thank you.
Anjan Pandey
Hello Anjan
i dont think there is any best practice for your requirement as it depend how many approver you have .
If you have less number of approvers (manager ) best way would be to createt ham manually or use LSMW or ecatt script if you want to automate them .
with one of the client for us ,ABAPer also write a script to pull the manager id from LDAP and assign default GRC approver role ,
By the way how many managers you need to create in GRC
Hope it helps .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Asheesh,
Thanks for your response. The count of managers would be approximately between 20000 - 30000. Considering the dynamic org changes in the organisation we are willing to automate the process of ID creation and role assignment. Creating a script is an option we were considering, just thinking loud if we have any other option.
Do you have any idea on the impacts on costs for creating so many IDs in GRC box if the customer has enterprise license.
We have also raised a message to SAP to suggest the solution.
Thanks.
Anjan Pandey
Hi All,
Do we have any other options available for the issue raised in the discussion. There are additional thoughts and questions.
Looking forward to your responses.
Thank you.
Anjan Pandey
Hello Anjan
I am sure for 1 point , audit if able to caugh will raise concern , why you want to do so ,
for 2 nd oint ,GRC licensig is doesnot work standard way so better to check with license team at Customer side .
we also had enterprise license and never faced any issue with approver master data
Kind regards
Asheesh
Anjan:
Have you thought about doing an LDAP Sync to your GRC Instance? There you can sync the users into the SU01 as well as assign the necessary roles that you create. This is native functionality for SAP NW ABAP. Assuming that your LDAP has the correct managers entered, I would think that there would be a way to segregate out which user IDs you can sync in. I am not a BASIS person, but have been at customers where the LDAP Sync is used for this load.
Thanks
Kevin Tucholke
This message was moderated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, Recently we have implemented GRC AC 10. we have collected all Manager/Approver list from HR and created all approver using ecat with approver role, email address and password. ecat is the best solution and you can go this way. Thanks, Arif
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Anjan,
We are not yet live on GRC 10, so at this point this is just our plan, but we expect to utilize our IdM solution to identify who the managers are, based on their attributes coming in from HR. If you have direct reports (your PERNR is populated in a particular place in someone else's record), you are a thereby for this purpose a "manager," and it will create your ID and provision the necessary portal access and backend ABAP role. It is still under development, so we are keeping our fingers crossed that all the kinks will soon be worked out.
Gretchen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your response. We are trying to understand if we have any standard solution from SAP to automate the provisioning. I am sure many implementations would have had this as a question. Particulalrly in large organisations, this step needs to be automated.
All the best for success of teh solution approach you have taken.
Thank you.
Anjan Pandey
Dear Anjan,
I did not get your exact requirement. Do you want that all the manager specific role gets added automatically as soon as you create a request for the manager? If this is your requirement, I would suggest you to use the concept of Template based request or model user request.
Please let me know if my understanding is correct or not?
Thanks & Regards
Japneet Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.